We describe a minimization procedure for nondeterministic Büchi automata (NBA). For an automaton
A another automaton $A_{\min}$ with the minimal number of states is learned with the help of a
SAT-solver.

This is done by successively computing automata A' that approximate A in the sense that they 
accept a given finite set of positive examples and reject a given finite set of negative examples. In the 
course of the procedure these example sets are successively increased. Thus, our method can be seen 
as an instance of a generic learning algorithm based on a "minimally adequate teacher" in the sense 
of Angluin. 

We use a SAT solver to find an NBA for given sets of positive and negative examples. We use 
complementation via construction of deterministic parity automata to check candidates computed in 
this manner for equivalence with A. Failure of equivalence yields new positive or negative examples. 
Our method proved successful on complete samplings of small automata and of quite some examples 
of bigger automata. 

We successfully ran the minimization on over ten thousand automata with mostly up to ten states, 
including the complements of all possible automata with two states and alphabet size three and dis- 
cuss results and runtimes; single examples had over 100 states. 

1 Introduction 

Minimization is a well-studied and widely used principle in many areas. In the theory of automata the 
best known example is the minimization of deterministic finite automata (DFA). It has the interesting 
property that by using only local optimizations one will always reach the same global minimum. This 
property is not valid anymore for some other automata models, nevertheless local optimization can still 
achieve a considerable reduction in size. 

Because of that and its applications in automatic verification and other fields some incomplete
minimization algorithms of nondeterministic Büchi automata (NBA) have been studied. They include local
([EH00] p. 6-11) minimizations, and other minimizations that do not guarantee to find a smallest
automaton but only reduce the size [EF10]. Other studied minimization algorithms only work on some
kind of Büchi automata (deterministic Büchi automata [Ehl10] or deterministic weak Büchi automata
[Löd01]).

These algorithms try to balance computational efficiency with low size of the resulting NBA or with
generality. After application of these algorithms it is not guaranteed that a found automaton is minimal 
nor can minimality of a given automaton be proven, or they are not applicable to all automata. 

While this status is sufficient for many applications it is unsatisfactory not to have any algorithms 
for global minimization of NBA; on the theoretical side it is a gap, on the practical side it means that 
one never knows whether a given automaton might admit further reduction in size; especially when 
representing a policy the used automata are often very small and every additional state increases the 
resource consumption noticeably.

We present here the first procedure that computes for a given Büchi automaton an equivalent one of
minimal size among all Büchi automata equivalent to the given one. We call this "global minimization
for Büchi automata".

Unlike in the case of deterministic finite automata such minimal automata are, however, not unique 
up to isomorphism. 

Our approach can be seen as an instance of Angluin's learning framework and indeed would be able
to construct a minimal NBA for an arbitrary ω-regular language presented by a minimally adequate
teacher in the sense of [Ang87].



1.1 Büchi Automata

A nondeterministic Büchi automaton (NBA) describes a language of infinite words. It is given by a tuple
$(Q, \Sigma, q_0, F, \delta)$ where $Q$ is a finite set of states, $\Sigma$ a finite alphabet, $q_0 \in Q$ the starting state, $F \subseteq Q$ the set
of final states, and $\delta : Q \times \Sigma \to 2^Q$ the transition function. A word $a_0 a_1 \cdots \in \Sigma^\omega$ is said to be accepted
if and only if $\exists q_1 q_2 q_3 \cdots$ such that $\forall i \in \mathbb{N}.\ q_{i+1} \in \delta(q_i, a_i)$ and $\forall i \in \mathbb{N}\ \exists j > i.\ q_j \in F$.

For example, a Büchi automaton for the language $L = (0|1)^* 0^\omega$ ("finitely many 1s") is shown in
Figure 1.

Figure 1: Example NBA, accepting the language $(0|1)^* 0^\omega$

A run $q_0 q_1 q_2 \cdots$ on this automaton for a word $w \in L$ is obtained
by choosing $k \in \mathbb{N}$ with $\forall i > k.\ w_i = 0$ and setting $0 = q_0 = \cdots = q_k$ and $1 = q_{k+1} = \dots$
One defines the ω-regular languages as those recognized by NBA.



1.2 Problem complexity 



DFA can be minimized in polynomial time [Hop71] whereas minimization of deterministic Büchi
automata is NP-complete [Sch10, Ehl10].

In case of NBA, the minimization problem is PSPACE-complete as it is already PSPACE-complete 
for nondeterministic finite automata ([Gra07] page 27, theorem 3) and it is easy to see that minimization 
of Büchi automata is in PSPACE given the well-known fact that equivalence of NBA is in PSPACE.

This in itself is not necessarily a problem because results of absolute minimization are nontrivial and 
of interest even for small problem instances. One may also remark that there exist practically and even 
industrially successful implementations of PSPACE hard problems, consider e.g. LTL model checking 
as implemented in the SPIN tool [Hol03] or even the WMSO implementation MONA [KM01].

The minimization procedure presented still leaves scope for further optimization, yet it is able to
produce nontrivial and hitherto unknown results. For example, we were able to ascertain that in case
of a two letter alphabet the complements of Büchi automata with two states require at most five states;
we were also able to assert the minimality of the first instances of Michel's family of NBA [Mic88]; the
first member of this family has two letters and two states and needs five states for its complement thus
matching the here found limit for complement size for this automata size.



1.3 SAT solver 

The abovementioned minimization algorithm of DBA [Ehl10] uses a SAT-solver to search for a DBA
equivalent to a given one with a smaller number of states. To this end, equivalence of automata is
encoded directly as a SAT formula which is possible since equivalence of DBA is in P. Since equivalence
of NBA is PSPACE complete, this approach does not extend to NBA directly; nevertheless a SAT solver
is a useful tool in our approach.

A SAT solver is a program that takes a boolean formula in conjunctive normal form (CNF) presented
as a list of clauses in some machine readable format and returns a satisfying assignment if the formula is
satisfiable and answers "unsatisfiable" otherwise.

Although satisfiability of CNF is NP-complete, modern SAT solvers can be applied to practically 
relevant and appreciably large instances. On modern computers, instances with 1000 variables and 10000 
clauses are solvable in reasonable time. In specific cases even larger instances are solvable. This has 
earned SAT solvers a tremendous and still increasing popularity in recent years. 

While the standard construction of CNF results in exponentially bigger formulas, introduction of 
fresh variables can limit this blowup to polynomial size. 

2 Overview over the algorithm 



The original automaton is transformed into a teacher for NBA in the sense of Angluin [Ang87] by performing
equivalence tests for constructing counterexamples or returning true.

The core is a candidate finder that creates Büchi automata out of positive (called good words) and
negative (called bad words) word examples and additionally ensures minimal size for automata
classifying these examples.

This is used to find candidates for the minimal automaton. A candidate is checked against the original 
automaton. In case of equivalence the candidate is a minimum automaton, whereas inequivalence results
in new good or bad words. 

The candidate finder is presented in Section 2.2, the algorithm using the learner as black box in
Section 2.3. Pseudo code presenting both at once is given in Figure 4.

2.1 Notation 

The following notations are used in this paper: 

• $w_i$ denotes the i-th letter of the word w.

• [a] denotes the one-letter word consisting of $a \in \Sigma$;

• $i \xrightarrow{w} j$ denotes a transition with the word w from state i to state j;

• $i \xrightarrow[F]{w} j$ denotes a transition with the word w from state i to state j with a visit of a final state
anywhere on this path (including i and j);

• $i \xrightarrow{u} j \xrightarrow{v} k$ is short for $i \xrightarrow{u} j \wedge j \xrightarrow{v} k$,

• $i \xrightarrow{u} j \xrightarrow[F]{v} k$ is short for $(i \xrightarrow[F]{u} j \wedge j \xrightarrow{v} k) \vee (i \xrightarrow{u} j \wedge j \xrightarrow[F]{v} k)$.

• For an automaton A we denote the language of the automaton by L(A). 



2.2 Candidate finder for Büchi automata

The candidate finder generates from given finite sets G and B of ultimately periodic words and an integer
value n a SAT formula whose satisfying assignments precisely correspond to automata A' with n states
such that $G \subseteq L(A') \subseteq \overline{B}$, that is, A' accepts every word in G and rejects every word in B.

The SAT formula represents an unknown automaton X with n states using variables $t_{i,j,a}$ (an
a-labelled edge from i to j) and $f_i$ (finality of state i). Further variables are defined, including $z_{u,v}$ ($uv^\omega$ is
accepted by X). The formula itself then has to ensure these intended meanings and additionally comprises
the conjunction of $z_{u,v}$ for $uv^\omega \in G$ and $\neg z_{u,v}$ for $uv^\omega \in B$.



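variable             meaning

$f_i$                State i is final state
$t_{i,j,a}$          $i \xrightarrow{[a]} j$
$d_{i,j,w}$          $i \xrightarrow{w} j$
$o_{i,j,k,a,w}$      $i \xrightarrow{[a]} k \xrightarrow{w} j$
$x_{w,i,j,m}$        There is a $k \in \{1, \dots, 2^m\}$, such that $i \xrightarrow{w^k} j$
$h_{w,i,j,k,m}$      There are $l_1, l_2 \in \{1, \dots, 2^m\}$, such that $i \xrightarrow{w^{l_1}} j \xrightarrow{w^{l_2}} k$
$D_{i,j,w}$          $i \xrightarrow[F]{w} j$
$O_{i,j,k,a,w}$
$s_{u,v,i,m}$        There is a $k \in \{1, \dots, 2^m\}$ that $q_0 \xrightarrow{uv^k} i$
$u_{u,v,i,j,m}$      There is a $k \in \{1, \dots, 2^m\}$ that $q_0 \xrightarrow{u} i \xrightarrow{v^k} j$
$B_{i,j,w,m}$        There is a number $k \in \{1, \dots, 2^m\}$ such that $i \xrightarrow[F]{w} j \wedge j \xrightarrow{w^k} i$
$L_{i,w,m}$          There is a number $k \in \{1, \dots, 2^m\}$ and a state j such that $i \xrightarrow[F]{w} j \wedge j \xrightarrow{w^k} i$
$y_{u,v,i}$          There are $k_1, k_2 \in \{1, \dots, 2^{\lceil \log n \rceil + 1}\}$ such that $q_0 \xrightarrow{uv^{k_1}} i \wedge i \xrightarrow[F]{v^{k_2+1}} i$ (is $uv^\omega$
                     accepted via the state i as loop knot).
$z_{u,v}$            The word $uv^\omega$ is accepted.

Table 1: Variables used in the SAT encoding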



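variable                  deduction

$d_{i,j,\varepsilon}$     $i = j$
$d_{i,j,[a]}$             $t_{i,j,a}$
$d_{i,j,[a] \cdot w}$     $\bigvee_{k=0 \dots n-1} o_{i,j,k,a,w}$
$o_{i,j,k,a,w}$           $d_{i,k,[a]} \wedge d_{k,j,w}$
                          $i = j$
$x_{w,i,j,0}$             $d_{i,j,w}$
$x_{w,i,j,m}$             $x_{w,i,j,m-1} \vee \bigvee_{k=0 \dots n-1} h_{w,i,k,j,m-1}$
$z_{u,v}$                 $\bigvee_{k=0 \dots n-1} y_{u,v,k}$

Table 2: Definition of variables (selection)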



Table 1 summarises the variables used in the expression. The variables are chosen in a way that every
variable can be deduced by a small (constant size or linear in count of states) SAT formula from other
variables; this limits the blowup for generating a CNF to polynomial instead of exponential size. These
deductions follow in a simple way from their meaning; for some variables these deductions are shown in
Table 2.

All in all the SAT expression consists of linearly many variables as a function of the alphabet size, the
number of good and bad words and the length of the good and bad words. There are cubically many as a
function of the size of the automaton searched for.
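
The externally used variables of this expression are:

• $z_{"","0"}$ (acceptance of the word $0^\omega$),

• $z_{"","1"}$ (acceptance of the word $1^\omega$),

• $t_{0,0,'0'}$ (existence of transition with letter 0 from state 0 to state 0),

• $t_{0,0,'1'}$ (existence of transition with letter 1 from state 0 to state 0) and

• $f_0$ (finality of state 0).

$$
\begin{aligned}
& (u_{"","1",0,0,1} \Leftrightarrow (d_{0,0,""} \wedge x_{"1",0,0,1})) \wedge (s_{"","1",0,1} \Leftrightarrow u_{"","1",0,0,1}) \wedge (D_{0,0,"1"} \Leftrightarrow (t_{0,0,'1'} \wedge f_0)) \\
& \wedge (d_{0,0,"1"} \Leftrightarrow t_{0,0,'1'}) \wedge (x_{"1",0,0,0} \Leftrightarrow d_{0,0,"1"}) \wedge (h_{"1",0,0,0,0} \Leftrightarrow x_{"1",0,0,0}) \\
& \wedge (x_{"1",0,0,1} \Leftrightarrow (x_{"1",0,0,0} \vee h_{"1",0,0,0,0})) \wedge (B_{0,0,"1",1} \Leftrightarrow (D_{0,0,"1"} \wedge x_{"1",0,0,1})) \\
& \wedge (L_{0,"1",1} \Leftrightarrow B_{0,0,"1",1}) \wedge (y_{"","1",0} \Leftrightarrow (s_{"","1",0,1} \wedge L_{0,"1",1})) \wedge (z_{"","1"} \Leftrightarrow y_{"","1",0}) \wedge (d_{0,0,""}) \\
& \wedge (u_{"","0",0,0,1} \Leftrightarrow (d_{0,0,""} \wedge x_{"0",0,0,1})) \wedge (s_{"","0",0,1} \Leftrightarrow u_{"","0",0,0,1}) \wedge (D_{0,0,"0"} \Leftrightarrow (t_{0,0,'0'} \wedge f_0)) \\
& \wedge (d_{0,0,"0"} \Leftrightarrow t_{0,0,'0'}) \wedge (x_{"0",0,0,0} \Leftrightarrow d_{0,0,"0"}) \wedge (h_{"0",0,0,0,0} \Leftrightarrow x_{"0",0,0,0}) \\
& \wedge (x_{"0",0,0,1} \Leftrightarrow (x_{"0",0,0,0} \vee h_{"0",0,0,0,0})) \wedge (B_{0,0,"0",1} \Leftrightarrow (D_{0,0,"0"} \wedge x_{"0",0,0,1})) \\
& \wedge (L_{0,"0",1} \Leftrightarrow B_{0,0,"0",1}) \wedge (y_{"","0",0} \Leftrightarrow (s_{"","0",0,1} \wedge L_{0,"0",1})) \wedge (z_{"","0"} \Leftrightarrow y_{"","0",0}) \\
& \wedge (z_{"","1"}) \wedge (\neg z_{"","0"})
\end{aligned}
$$

Solution computed by Minisat:

$u_{"","1",0,0,1}$, $d_{0,0,""}$, $x_{"1",0,0,1}$, $s_{"","1",0,1}$, $D_{0,0,"1"}$, $t_{0,0,'1'}$, $f_0$, $d_{0,0,"1"}$, $x_{"1",0,0,0}$, $h_{"1",0,0,0,0}$, $B_{0,0,"1",1}$, $L_{0,"1",1}$,
$y_{"","1",0}$, $z_{"","1"}$, $\neg u_{"","0",0,0,1}$, $\neg x_{"0",0,0,1}$, $\neg s_{"","0",0,1}$, $\neg D_{0,0,"0"}$, $\neg t_{0,0,'0'}$, $\neg d_{0,0,"0"}$, $\neg x_{"0",0,0,0}$, $\neg h_{"0",0,0,0,0}$,
$\neg B_{0,0,"0",1}$, $\neg L_{0,"0",1}$, $\neg y_{"","0",0}$, $\neg z_{"","0"}$

Figure 2: SAT expression for $G = \{1^\omega\}$, $B = \{0^\omega\}$, n = 1 and its solution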

For further illustration, we present in Figure 2 the entire expression corresponding to $G = \{1^\omega\}$ and
$B = \{0^\omega\}$ and n = 1 as well as its satisfying assignment computed by Minisat. For better readability the
formula is presented not in CNF while it is in CNF in the implementation. The only needed
transformation for creating CNF is resolving the equivalences (denoted by "$\Leftrightarrow$") thus roughly doubling the size
of the expression.



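example words                                                  resulting automaton    example words                                              resulting automaton

$G = \{1^\omega\}$, $B = \{0^\omega\}$                         [automaton diagram]    $G = \{0^\omega, 1^\omega\}$, $B = \{(01)^\omega\}$        [automaton diagram]
$G = \{01^\omega, 10^\omega\}$, $B = \{0^\omega, 1^\omega\}$   [automaton diagram]    $G = \{(01)^\omega\}$, $B = \{0^\omega, 1^\omega\}$        [automaton diagram]

Table 3: Example calculations of candidate automata from sets of words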



Table 3 shows some calculations of candidate automata from sets G and B obtained in this way. We
remark that even though in the right column the sets G and B are swapped, the resulting automata are not
complementary as for example neither automaton accepts $01^\omega$.
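
The candidate finder's contract can be reproduced on tiny inputs without a SAT solver. The following is an added example, not the authors' OCaml implementation: it replaces the SAT search by brute-force enumeration of all NBA with n states and decides acceptance of $uv^\omega$ through a loop knot, as the variables $y_{u,v,i}$ and $z_{u,v}$ do. The tuple representation and all function names are assumptions of this sketch.

```python
from itertools import product

# An NBA is (n, delta, final): states 0..n-1, start state 0,
# delta maps (state, letter) -> set of successor states.

def v_steps(nba, v):
    """Triples (p, q, hit): p --v--> q, hit=True if a final state lies on the
    path (endpoints included); these play the role of d and D in Table 1."""
    n, delta, final = nba
    cur = {(p, p, p in final) for p in range(n)}
    for a in v:
        cur = {(p, r, hit or r in final)
               for (p, q, hit) in cur for r in delta.get((q, a), ())}
    return cur

def accepts(nba, u, v):
    """Does the NBA accept the ultimately periodic word u v^omega (v nonempty)?"""
    n, delta, _ = nba
    front = {0}
    for a in u:                                   # states reachable via u
        front = {r for q in front for r in delta.get((q, a), ())}
    rel = v_steps(nba, v)
    reach = [{p} for p in range(n)]               # reach[s]: s --v^k--> *, k >= 0
    changed = True
    while changed:
        changed = False
        for p, q, _hit in rel:
            for s in range(n):
                if p in reach[s] and q not in reach[s]:
                    reach[s].add(q)
                    changed = True
    knots = set().union(*(reach[s] for s in front))
    # i is a loop knot if some v-cycle through i contains a final state.
    return any(p in reach[i] and i in reach[q]
               for i in knots for (p, q, hit) in rel if hit)

def candidates(n, alphabet, good, bad):
    """Yield every n-state NBA accepting all good and no bad words."""
    slots = [(i, a, j) for i in range(n) for a in alphabet for j in range(n)]
    for bits in product((False, True), repeat=len(slots) + n):
        delta = {}
        for (i, a, j), on in zip(slots, bits):
            if on:
                delta.setdefault((i, a), set()).add(j)
        final = {i for i in range(n) if bits[len(slots) + i]}
        nba = (n, delta, final)
        if (all(accepts(nba, u, v) for u, v in good)
                and not any(accepts(nba, u, v) for u, v in bad)):
            yield nba

def smallest_separator(alphabet, good, bad, max_n=2):
    """Smallest n <= max_n with a separating NBA, plus one such NBA, else None."""
    for n in range(1, max_n + 1):
        for nba in candidates(n, alphabet, good, bad):
            return n, nba
    return None

if __name__ == "__main__":
    # Words are pairs (u, v) standing for u v^omega; the sets are those of Table 3.
    print(smallest_separator("01", [("", "1")], [("", "0")]))
    print(smallest_separator("01", [("", "01")], [("", "0"), ("", "1")]))
    print(smallest_separator("01", [("0", "1"), ("1", "0")], [("", "0"), ("", "1")]))
```

For $G = \{1^\omega\}$, $B = \{0^\omega\}$ the search returns the one-state automaton with $t_{0,0,'1'}$ and $f_0$ set, matching the assignment in Figure 2; a result of None for a size bound means that no automaton of that size separates G from B.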

2.3 Minimization algorithm

This part describes the minimization algorithm; for a given automaton A find an automaton $A_{\min}$ such
that $A_{\min}$ is equivalent to A and no automaton with fewer states is equivalent to A.

• Step 1: Choose sets of ultimately periodic words G and B. One may use empty sets; any sets of
words such that $G \subseteq L(A) \subseteq \overline{B}$ are adequate.

• Step 2: Use the candidate finder to gain some automaton A' out of G and B with minimal number
of states such that $G \subseteq L(A') \subseteq \overline{B}$.

• Step 3: If L(A) = L(A') then A' is returned as minimal automaton; in the opposing case choose
some counterexample $uv^\omega$ and expand G or B with it. Now resume at step 2 with the bigger sets.

This algorithm terminates as the sets G and B prevent any automaton that occurred once from occurring again.
Furthermore there are only finitely many automata smaller than A so after finitely many steps A would 
be returned if no smaller equivalent automaton could be found. 

Furthermore the automaton returned has to be equivalent to A as this is checked before returning the 
automaton. It is furthermore minimal as no smaller automaton can separate G and B but every automaton 
equivalent to A does so. 

2.4 Implementation 

We have implemented the algorithm in OCaml; Minisat2 [ES] is used as SAT solver.

Figure 3 displays the main data flow while Figure 4 summarises the complete algorithm in
pseudocode.




Figure 3: Main data flow for minimization 
A download of the program is available under http://www2.tcs.ifi.lmu.de/~barths/nbamin.html

A = automaton to be minimized;
negA = complement A;
G = B = {}; (* Sets of good and bad words. *)
n = 1;
loop beginning
  try A' = NBA-from-solution (SAT-solver (SAT-expression G B n))
  failure -> (* No automaton with n states could be found. *)
    n := n + 1;
    back to loop beginning;
  success -> (* A' is candidate for minimized automaton. *)
    xB = intersect A' negA;
    if xB nonempty
      B := B U {onewordfrom xB}; (* new bad word. *)
      back to loop beginning;
    else (* L(A') ⊆ L(A) *)
      negA' = complement A';
      xG = intersect A negA';
      if xG nonempty
        G := G U {onewordfrom xG}; (* new good word. *)
        back to loop beginning;
      else (* L(A) ⊆ L(A') *)
        return A'.



Figure 4: Pseudo code for the complete algorithm 


Calculating example words. Counterexamples to L(A) = L(A') are obtained as words in the
language of NBA B or C which are constructed from A and A' such that $L(B) = L(A) \setminus L(A')$ and
$L(C) = L(A') \setminus L(A)$, thus finding a word in L(B) or L(C) results in a word in $L(B) \cup L(C) = L(A) \mathbin{\Delta} L(A')$ where
$\Delta$ denotes symmetric difference. We now describe how to decide whether for arbitrary NBA D we have
$L(D) \neq \emptyset$ and in the affirmative case how to construct an ultimately periodic word $uv^\omega \in L(D)$.

We begin by calculating the strongly connected components of D by some linear algorithm, in our 
case Kosaraju's algorithm IICCII . Subsequently, we choose a final state i in a strongly connected compo- 
nent of size at least two or that has a transition to itself and can be reached from the starting state with 
some finite word u. There is a path from i to i with some nonempty word v as i has a transition to itself
or lies in a strongly connected component of size at least two. 

From this construction we then know that $uv^\omega \in L(D)$. We further try to reduce the lengths of u
and v by favoring small strongly connected components that are close to the starting state and by further
reducing the size of u making use of the identity $xy(ly)^\omega = x(yl)^\omega$ where applicable.
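
The emptiness test and word extraction described above, as an added example that is not the authors' code: it uses two breadth-first searches per final state in place of Kosaraju's strongly connected components, and then applies the identity $xy(ly)^\omega = x(yl)^\omega$ to shorten u. The dictionary representation of the transition function and the function names are assumptions of this sketch.

```python
from collections import deque

def shortest_words(delta, seeds):
    """BFS over the transition graph. seeds is a list of (state, word) pairs
    whose words all have the same length; returns {state: shortest word}."""
    best, queue = {}, deque()
    for s, w in seeds:
        if s not in best:
            best[s] = w
            queue.append(s)
    while queue:
        q = queue.popleft()
        for (p, a), targets in sorted(delta.items()):
            if p != q:
                continue
            for r in sorted(targets):
                if r not in best:
                    best[r] = best[q] + a
                    queue.append(r)
    return best

def witness(delta, final, start=0):
    """Return (u, v) with u v^omega in L(D), or None if L(D) is empty.
    delta maps (state, letter) -> set of successor states."""
    reach = shortest_words(delta, [(start, "")])
    best = None
    for i in sorted(final):
        if i not in reach:
            continue
        # A nonempty loop i -> ... -> i: seed the search with i's successors.
        seeds = [(r, a) for (p, a), ts in sorted(delta.items()) if p == i
                 for r in sorted(ts)]
        loop = shortest_words(delta, seeds)
        if i in loop and (best is None or
                          len(reach[i]) + len(loop[i]) < len(best[0]) + len(best[1])):
            best = (reach[i], loop[i])
    if best is None:
        return None
    u, v = best
    # x y (l y)^omega = x (y l)^omega: fold a shared last letter of u into v.
    while u and u[-1] == v[-1]:
        u, v = u[:-1], v[-1] + v[:-1]
    return u, v

# Constructed sample input: the automaton of Figure 1 ("finitely many 1s").
FIG1_DELTA = {(0, "0"): {0, 1}, (0, "1"): {0}, (1, "0"): {1}}
FIG1_FINAL = {1}

if __name__ == "__main__":
    print(witness(FIG1_DELTA, FIG1_FINAL))        # a word u v^omega of the language
    print(witness({(0, "0"): {1}}, {1}))          # final state without a loop: empty
```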

Complementation. To test for equivalence we need to repeatedly complement the candidate automata 
A' as well as the input automaton A itself. Thus, complementation forms an important component of our 
algorithm and the choice of the right algorithm as well as its implementation will be crucial. 

As suggested by [TFVT10] complementation of NBA by transforming them into deterministic parity
automata (DPA), complementing them and transforming them back to NBA is preferable. Thus this procedure
is used here and leads indeed to small runtimes for that part of the algorithm. For transformation of
NBA to DPA the algorithm of Safra enhanced by Piterman [Pit07] is used.

2.5 Optimizations 

We used different optimizations to improve the runtime of the algorithm.

Complement storage. As the complement of the base automaton is used often we calculate it at the 
beginning and store it. 

First search for bad words. As this does not include complementation of an automaton it is more
efficient to search for words in $\overline{A} \cap A'$ and skip complementation of candidate automaton A' if a bad word
could be found.

Size reduction of NBA. We implemented a series of size reducing algorithms for NBA that require 
only linear runtime; they are applied on all intermediate automata and give a notable optimization of 
runtime. The algorithms used include

• Drop unreachable states 

• Drop states where the automaton gets stuck 

• Use a heuristic to detect some states from where all words are accepted. Merge them to one 
universal state and drop all outgoing transitions 

• Drop transitions that could otherwise have been used to reach that universal state 

Stop if no smaller automaton found. If no smaller automaton was found we have proven minimality 
and can return the base automaton. 

Choose start words. For the needed sets of good and bad words some short (with respect to their
representation) words are chosen. This does not only reduce the number of needed calls of the automaton finder
but also reduces the runtime for the single calls of the SAT solver at least if there are not too many short
words in it. How many example words are useful changes with the introduction of other optimizations
and is adapted by benchmarks from time to time. Currently the words $a^\omega$, $ab^\omega$, $(ab)^\omega$, $a(ab)^\omega$ for all
different letters a and b as well as $w^\omega$ (where w contains every letter exactly once) are used.

Extra knowledge for the SAT expression. We can gain some knowledge out of the automaton to 
minimize and include it into the SAT expression. For example if no word starts with the letter a we know 
that there is no transition from the starting state to any states with label a. 

Giving an order to the states does also gain some speed. This technique is known as symmetry
breaking and is also used.

2.6 Asymptotic runtime

Let SAT(n) be the runtime of a SAT solver on an input of at most n variables and clauses. Let C(n) 
be the time required to complement an NBA with at most n states and c(n) the size of this complement 
automaton. 

The runtime of our minimiser on an automaton of size N with minimal automaton of size n whose 
complement has already been computed can then be summarised by: 

$$O(I \cdot (c(n) \cdot N + n \cdot c(N) + C(n) + SAT(O(I \cdot n^3))))$$

where I is the number of iterations of our algorithm. Obviously, $I = 2^{O(n)}$ but in practice, I is much
smaller than this bound.

The factor I in the SAT expression comes from the linear dependency of the SAT formulas on the 
number of example words. 

Additionally, if the complement of the input automaton is already known the runtime depends only 
linearly on the size of the automaton for different automata describing the same language. 

3 Experimental results 

As said in the previous chapter the runtime for minimization depends much more on the size of the found 
minimal automaton than on the size of the original automaton. 

Most given runtimes were measured on the same machine; 2300 MHz, Quad-Core AMD Opteron(tm) 
Processor 8356; for each calculation one core was used. Vague given runtimes were calculated on slower 
machines. 

If the minimal automaton is small enough and the complementation of the automaton is fast enough 
even large automata can be minimized; for example we could find some randomly generated automata 
with 40 to 100 states whose minimal equivalent automata of size up to 5 could be found in some minutes; 
to ensure that this is the merit of the minimizer we ensured that the heuristic pre-minimizer could not 
reduce the size of the original automaton. 

$(G(q \vee FGp) \wedge G(r \vee FG\neg p)) \vee Gq \vee Gp$

[minimal automaton diagram]

0     1     2     3     4     5     6     7
¬p    p     ¬p    p     ¬p    p     ¬p    p
¬q    ¬q    q     q     ¬q    ¬q    q     q
¬r    ¬r    ¬r    ¬r    r     r     r     r

Figure 5: LTL formula together with its minimal automaton and the boolean value to alphabet translation
table

Furthermore we used a simple LTL to NBA translator that intentionally does not optimize very well,
just using our heuristic minimizer for the intermediate steps of the construction. Nevertheless we can
minimize them if the minimal size is not too big. A formula (taken from [EF10]; details of the
experimental evaluation, formula 1.22) that led to an automaton of size 157 and could be minimized in half
an hour is shown in Figure 5 together with its minimal automaton. Note that [EF10] used a partial
minimizer on an 8 state version of this automaton and only could find a 6 state automaton representing
this formula; we could find a 5 state automaton without using a well pre-minimized NBA.

Speed measurement is given in Table 4. Random NBA with 10 states and alphabet size two were
generated. States are final with probability 0.5; for every two states i,j and letter a there is a transition 
from i to j with probability 0.15. If there are unreachable states or states from where no word can be 
accepted the automaton is skipped. Abnormal termination means out of memory or timeout (12h). When 
starting with 7-state automata the table looks similar but has no abnormal termination; it does not give 
additional information about the runtime and is hence skipped. 

Table 5 shows the minimization results for complement automata of all automata with small size;
as complementation can result in exponential blowup this needed minimizations of automata of bigger 
sizes. 

Having all these automata minimized one can now be sure that no automaton with two states and 
two letter alphabet needs more than 5 states for its complement. For three letter alphabet this limit is 
increased to 7 states. Only two (up to alphabet permutation) automata reach this limit. 

Work is in progress to minimize all complements of automata with three states and two letter
alphabet; an automaton with minimal complement of size 8 was found hereby; it is presented in Figure 6.

We also ran our procedure on several instances of Michel's automata $M_n$ over the alphabet
$\Sigma = \{0, \dots, n\}$ and with n + 1 states [Mic88] which were introduced to establish an $n!$ lower bound for
complementation of NBA. Indeed, Michel has shown that no NBA with fewer than $n!$ states can recognize
the complement of $L(M_n)$.

The automata $M_n$ are given schematically on the left side in Figure 7 where i represents a number in
$\{1, \dots, n\}$, so $i \neq 0$.

We needed under a minute to compute the minimal complement of $M_1$; for $M_2$ we could prove that
at least 7 states are needed to represent it while the full minimization process timed out.
The minimality of $M_n$ for 1 < n < 5 could be proven as well.

Another calculated minimization example was taken from [EF10], a paper describing a minimization
algorithm of NBA wherein a stronger form of equivalence, so-called bounded language equivalence, is
used. It is presented in Figure 8. The automata shown are language equivalent, but not bounded language
equivalent. As a result a minimizer based on bounded language equivalence could not find (b) as minimal
automaton for (a).

Our complete minimizer could minimize the 6 state, 4 letter automaton (a) under a minute, leading
to the result shown in Figure 8 (minimized). It did not find the automaton (b) from Figure 8 but instead
another language equivalent but not bounded language equivalent automaton of the same size 5.

Resulting size          count    average time         10%-decile           median               90%-decile time

1                       245      9.71 -lO^s           5.66 -lO^s           7.65 -lO^s           2.85 -lO^s
2                       179      2.98·10^-1 s         4.08·10^-2 s         3.00 lO"^            5.45·10^-1 s
3                       76       2.04 s               l.SO-lO-'s           1.96 s               4.02 s
4                       80       9.82 s               3.33 s               9.13 s               2.08·10^1 s
5                       66       4.30 -H^s            1.46·10^1 s          3.78 -H^s            8.47 -H^s
6                       53       7.77·10^2 s          1.04·10^2 s          2.96·10^2 s          1.50·10^3 s
7                       38       7.61·10^3 s          4.16·10^2 s          3.14·10^3 s          2.24·10^4 s
8                       2        2.01·10^4 s          7.78·10^3 s                               3.24·10^4 s
Abnormal termination    199

Table 4: Measured minimization times for automata of starting size 10.

|states| / |Σ| / #different automata    2/2/768    2/3/12288

#reducing to size 1                     478        4404
#reducing to size 2                     290        7884

#minimal complement size 1              372        2850
#minimal complement size 2              206        2754
#minimal complement size 3              134        3024
#minimal complement size 4              40         2429
#minimal complement size 5              16         1039
#minimal complement size 6                         180
#minimal complement size 7                         12

Table 5: Complete sampling of automata with small sizes

4 Conclusion 

We have established the first global minimization algorithm for arbitrary nondeterministic Büchi
automata. Previous algorithms were either restricted to special classes of Büchi automata or computed the
automaton with the least number of states among those reachable from a given one by several
optimization steps.

Despite the exponential worst-case running time of our algorithm we succeeded in applying it to 
several nontrivial automata with an acceptable runtime and in this way established previously unknown 
facts. Several people asked for a comparison with a naive brute force enumeration of all Büchi automata.
We note here that already the number of automata with 5 states and alphabet size 2 exceeds $10^{16}$ and for
every one of these a costly equivalence test would have to be performed which means that this procedure 
is infeasible for input automata with six or more states. 

Of course, we did not establish a new upper bound of complexity with our algorithm but this was not 
to be expected as minimization of Büchi automata is PSPACE-complete. We also note that it has become
common practice with good practical results to develop and use algorithms with exponential worst case 
runtime, e.g. SAT-solvers, or model checkers for LTL. 

In particular we were able to assert that no Büchi automaton with two states and alphabet size two
has a minimal complement automaton with more than five states and that the minimal complement
automaton of Michel [Mic88] for alphabet size two achieves this bound. With the brute force enumeration
such result would have been impossible to obtain even assuming some heuristic strategies to rule out 
candidates. 

The implementation of the relatively straightforward optimizations described in Section 2.5 each
produced considerable speedups; we thus hope that further relatively easy optimizations would allow us
to push the limit of feasibility further out and make more applications accessible to our method. For all
tested automata over a size of 4 for the minimal automaton over 50% of computational time went into
the SAT-solver; most times over 99% of the time is used here, so further optimization focuses here.

We were asked to what extent our algorithm is able to produce certificates of the asserted minimality
of its output. Since minimization is PSPACE complete we cannot in general expect polynomially sized
certificates unless NP=PSPACE. However, we can remark here that the final sets of good (G) and bad
words (B) together with the purported size n of the minimal automaton can serve as a certificate of
sorts in the following way. An opponent who is not convinced of the asserted result can first check that
$G \subseteq L$ and $B \subseteq \overline{L}$ where L is the language of the original automaton to be minimized. Thereafter, they
could construct the SAT formula searching for an automaton of size n − 1 whose language L' satisfies
$G \subseteq L' \subseteq \overline{B}$ and check that it is unsatisfiable. Alternatively, we could provide a corresponding resolution proof. While potentially large
and difficult to check, these certificates are considerably more concise and intuitively valid than the
always-open fallback option of a complete trace of a run of the algorithm.

Figure 7: Michel automaton schematically and minimal complement of $M_1$

In particular, in automata-based software model checking [Hol03] one must check that all runs of 
a program are accepted by an often small policy automaton. Minimizing the latter might result in con- 
siderable gains if it is used repeatedly on many different programs. Consider e.g. that the automaton 
represents some publicly advertised security policy or even a standard.

We also anticipate possible usages of our algorithm as a tool for research into Büchi automata and
teaching thereof. It could for example be used to early refute hypotheses about the strength of
minimization heuristics yet to be invented. Notice here that our algorithm was able to further minimize the
automaton from [EF10].

Figure 8: (a), (b): Automata shown in [EF10] page 15 Figure 5; alphabet was chosen with letter 0 for
$(\neg p, \neg r)$, 1 for $(\neg p, r)$, 2 for $(p, \neg r)$, 3 for $(p, r)$; (minimized) is the result from our algorithm

Finally, it will also be interesting to apply our SAT-based search to other instances of "minimally
adequate teachers" for ω-regular languages, in particular the ones arising from compositional verification
rfCGTTI 